How hacktivist group RedHack gamed Turkey’s censorship regime

The Turkish government blockedGoogle Drive, Dropbox, OneDrive and even Github to stop leaked emails of Energy Minister, Berat Albayrak, from spreading further—exactly how the hackers behind the email leak expected them to react, allowing them to spread the leak further using the Streisand Effect.

(“The whole country now thinks, ‘What the heck is in Berat's emails to worth a github ban?’”)

The Daily Dot previously reported that the Marxist hacktivist group, RedHack, has compromised the private email accounts of Minister Albayrak—Turkish President Recep Tayyip Erdoğan’s son-in-law—and leaked the 17GB email archive to a group of journalists, including the Daily Dot.

Two days ago, when Cemil Uğur, a reporter from the leftist daily Evrensel, was imprisoned for “making propaganda an illegal organisation,” RedHack threatened to leak the email archive publicly if Uğur and other jailed reporters are not released within a day. After the deadline, the group followed through its threat.

To our turkish followers and journalists; follow RedHack's new account @TheRedHack97 re the email dump. This time it's public. #Turkey

RedHack’s current Twitter account, @TheRedHack97, started to share direct download links and torrent files of the email archive on various cloud platforms and file-sharing services and published a guide on Medium about importing the archive into the open-source email client Thunderbird.

To overcome the Turkish government’s notorious censorship, the hacker group diversified sources, including with links on StackOverflow profiles and in the deep halls of the Internet Archive —prompting the Turkish government to ban them all one by one, including blocking the “archive.org” domain and banning access to the Wayback Machine along the way.

But RedHack said they have calculated the most impact by uploading the torrent file to the GitHub, forcing the Turkish government into a hard choice between blocking the world’s biggest source-code repository or facing the fact that the leak will be available to the public.

Within four hours of the leak, Turkey’s internet authority decided to issue a nationwide block on GitHub, which was lifted approximately 18 hours later—a period long enough to makeheadlinesallaroundtheworld. Meanwhile, the content that RedHack uploaded on the GitHub was not removed at all; instead, the group is now uploading screenshots of emails to further circumvent Turkey’s censorship.

The ban on Google Drive was also lifted after 15 hours despite the re-uploaded torrent file still being accessible. The block on Dropbox has also been lifted. As of this writing, OneDrive, however, remains blocked.

While the Google Drive access problems halted many corporate services inside Turkey, the block on GitHub had collateral damages for the general public as well. For example, websites using Font Awesome were not displaying their content properly, and MacOS package manager system Homebrew was reportedly not working.

The GitHub block certainly hit the Turkish developers most, making “#GitHub” hashtag one of Twitter’s top trends in Turkey. RedHack jokingly tweeted, “one-day general strike for developers,” in reference to the GitHub block.

At the end of the day, all of Turkey’s blocking attempts to stop the world’s leading cloud services seemed to be in vain, as RedHack kept sharing the torrent file and magnet link that points to the 10.9GB compressed (.rar) archive of the email dump on all possible platforms, which was then downloaded and seeded by hundreds of people inside Turkey and abroad. For the users of Tor, a popular encrypted anonymity network and suite of privacy tools, RedHack also installed a web viewer for the emails on a .onion server used to access content through the Tor network:

Turkish government’s increasing control of the domestic media is rightfully concerning. But its attempts to control the online world is evidently a failure when groups such as RedHack know how to turn the tables.